When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in denial of service. The vulnerability was addressed by improving the point-scalar multiplication algorithm to account for anomalous input and by ensuring that errors are returned from library routines before any output buffer is written.
For more information, see Western Digital security bulletin WDC-22013.
When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in denial of service. The vulnerability was addressed by improving the point-scalar multiplication algorithm to account for anomalous input and by ensuring that errors are returned from library routines before any output buffer is written.
For more information, see Western Digital security bulletin WDC-22013.